d675a20c52c7cf96d6a33b4f83757adca6a77186971c1c97c7ca4877e347831d

Sharing

Copy URL

Twitter E-mail

General

Target

d675a20c52c7cf96d6a33b4f83757adca6a77186971c1c97c7ca4877e347831d
Size

554KB
MD5

e11850c8394bedb5a02c0f89327a94b2
SHA1

99d96a454a294c33267ce99e051cef806641bf4b
SHA256

d675a20c52c7cf96d6a33b4f83757adca6a77186971c1c97c7ca4877e347831d
SHA512

38b044ee757d6f1a7e75e6d8ac84c350811ad786232dc19956256ce7dfa36426cdefd61c0c68cf2b0ee3832f05a3b9050d9d0034730e42792f43d9b5e36bdfc5
SSDEEP

6144:g0UOmA+k5qSMRftBtM1V079Os6Uzdi1DOmgEsXQ6koQkvkkUOmSPA7wc:gRA+fqf0VUDbIQQkSmT7l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d675a20c52c7cf96d6a33b4f83757adca6a77186971c1c97c7ca4877e347831d

Files

d675a20c52c7cf96d6a33b4f83757adca6a77186971c1c97c7ca4877e347831d
.exe windows:6 windows x86 arch:x86

120cb0ff535b31a9f3f27b9e94c68802

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ehRecvr.pdb

Imports

advapi32

CloseServiceHandle
OpenServiceW
OpenSCManagerW
ReportEventW
SetServiceStatus
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
LookupAccountNameW
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
DeleteService
ControlService
RegisterEventSourceW
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ChangeServiceConfig2W
CreateServiceW
DeregisterEventSource
RegisterServiceCtrlHandlerExW
RegDeleteKeyW
StartServiceCtrlDispatcherW
CreateWellKnownSid
RegGetValueW
RegEnumKeyW
RegEnumValueW
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken
LookupAccountSidW

kernel32

InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
CloseHandle
SetEvent
MultiByteToWideChar
GetModuleFileNameW
Sleep
OutputDebugStringA
MoveFileExW
GetTempPathW
InterlockedIncrement
LeaveCriticalSection
ResetEvent
CreateEventW
SetPriorityClass
GetCurrentProcess
GetProfileIntW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
HeapSetInformation
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
SleepEx
QueueUserAPC
GetCurrentThread
InterlockedExchange
DuplicateHandle
HeapReAlloc
LocalAlloc
LocalFree
GetCurrentProcessId
K32GetModuleBaseNameW
CreateWaitableTimerW
CreateThread
CreateDirectoryW
CancelWaitableTimer
SetWaitableTimer
GetExitCodeThread
WaitForSingleObject
OutputDebugStringW
WaitForMultipleObjects
OpenThread
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetFileAttributesW
ExitThread
WaitForMultipleObjectsEx
GetLocalTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
lstrlenA
SetThreadExecutionState
GetVersionExA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
EnterCriticalSection
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
EncodeSystemPointer
DecodeSystemPointer

user32

TranslateMessage
SetTimer
PostThreadMessageW
KillTimer
RegisterDeviceNotificationW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
UnregisterDeviceNotification
CharNextW
LoadStringW
UnregisterClassA

msvcrt

_wfopen
_resetstkoflw
calloc
__dllonexit
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
free
_unlock
_errno
realloc
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_purecall
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
_localtime64
wcsftime
wcstok_s
_time64
??0exception@@QAE@XZ
wcsstr
wcsncmp
_wcsnicmp
wcscspn
_lock
_onexit
??1type_info@@UAE@XZ
_controlfp
fputws
__setusermatherr
fflush
_itow_s
_CxxThrowException
??0exception@@QAE@ABV0@@Z
malloc
memcpy
memset
_ui64tow
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
swprintf_s
_vsnwprintf
wcschr
iswalpha
_wcsicmp
floor
__CxxFrameHandler3
_ftol2_sse
fclose

ole32

CoInitialize
CoTaskMemAlloc
CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoFreeUnusedLibrariesEx
CoCreateGuid
StringFromCLSID
CoDisconnectObject
CoWaitForMultipleHandles
CoInitializeSecurity
StringFromGUID2
CoUninitialize
CoInitializeEx
CoSuspendClassObjects
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
DispCallFunc
SafeArrayRedim
VarBstrCat
SysFreeString
SysAllocStringByteLen
VarBstrCmp
SafeArrayCreate

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

ehtrace

ehTraceEvent
ehUnregisterTraceGUIDs
ehFreeEventBuffer
ehAllocateEventBuffer
ehRegisterTraceGUIDs

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW

slc

SLGetWindowsInformationDWORD

Exports

Exports

_CETWProvider_Initialize@20
_CETWProvider_TraceCriticalCall@12
_CETWProvider_TraceEHomeEvent@56
_CETWProvider_TraceErrorEvent@16
_CETWProvider_TraceErrorLevel@24
_CETWProvider_TraceEventID@12
_CETWProvider_TraceInfo@12
_CETWProvider_TracePerfMarkerEnd@12
_CETWProvider_TracePerfMarkerStart@12
_CETWProvider_TraceTextLevel@20
_CETWProvider_TraceVideoSize@16
_CETWProvider_Uninitialize@4

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

120cb0ff535b31a9f3f27b9e94c68802

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

shlwapi

version

ehtrace

shell32

slc

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 520KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 25KB - Virtual size: 46KB

.text
Size: 520KB - Virtual size: 520KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 25KB - Virtual size: 46KB